The attacker who penetrated the Dutch CA DigiNotar last year had complete control of all eight of the company's certificate-issuing servers during the operation and he may also have issued some rogue certificates that have not yet been identified. The final report from a security company commissioned to investigate the DigiNotar attack shows that the compromise of the now-bankrupt certificate authority was much deeper than previously thought.

The security specialists at Fox-IT have released a 101-page report that almost reads like a whodunit story. The subject is the break-in at Dutch certificate authority (CA) DigiNotar, which Fox-IT has been in charge of investigating. Last year, a clever hacker managed to break into DigiNotar's infrastructure over the internet and issue large numbers of SSL certificates for important domains like google.com, microsoft.com and skype.com